Job Description - Senior Specialist, Agile Security and Risk Management Assessment Job Number:12002608D20241107
DISCOVER your opportunity The Secure Project Lifecycle process has been established to perform risk assessments, ensuring security is considered as part of the design and throughout the project lifecycle.
The SPL process governs projects within the Planview time recording and management system and those that are managed outside such as Move to the Cloud (MttC) programme.
The role will be to augment the Information Security team to perform risk assessments of projects, provide guidance and acquire outcomes/decisions from the project manager, enterprise architect, technical architect, solutions architect, data privacy officer, project management office, strategic change development, IT Infrastructure and Operations and penetration testers.
Responsibilities: Review submission of IS Criticality Assessment (ISCA) questionnaire (ISCA Dashboard)Determine high level security requirements and project criticality, based on standard project activities and data classification from DP pre-screeningWork with assigned architect to ensure security requirements are finalized in design (High Level Design), review with Enterprise Architecture, Solutions Architecture, Cyber Security and Cyber AssuranceReview of all security requirements and evidence provided by the project manager to support closure of each requirement:Review and feedback on ISCA questionnaireReview and feedback on High Level Design (HLD)Present at ISCA Project Technical ReviewAttend and obtain HLD sign-off at Technical Design Authority, Solutions Design Authority (SDA) and Data Intelligence and Analytics (DIA)Obtain Third Party Risk Evaluation Platform (TPREP) scorecard for TP SaaS solutions from Security Contracts teamObtain Minimum Technical Security Baseline compliance reporting from QualysGuardObtain Cloud Permit from Enterprise ArchitectureObtain Code Review and Analysis – in house solutions only from SCDSelf-serve vulnerability assessment compliance report of assets in scopeLiaise with Cyber Assurance on penetration testing of solution and obtain sign offObtain Digital Hub registration for external facing solutions from Cyber AssuranceProduce Project Security Assessment closure reportPerform a final review of all open security requirements and their status before any stage gate approval can be provided (effectively the Production Go/No-go decision).
Ensure AXA XL SDLC agile, waterfall and infra waterfall processes are followedStore all evidence in IS projects shared areaUpdate the project register daily to ensure project status is maintained and update the Project Security Assessment (PSA) template as a record of activity.
Submit PSA for sign off to complete risk assessmentManage project RAG status ensuring activities trending amber and red are highlighted to management and the project managerLiaise with project manager to support the development of the risk acceptance (PM is responsible) where neededAttend meetings with project manager, stakeholders, ISCA technical review, architectural design authorities and pen testing reviews.
Challenge design decisions not compliant with security, escalate issues when they become known, offer options to resolveAll deliverables are subject to an internal quality assurance and peer reviews will be conducted by the Information Security team.
Qualifications: Bachelor's degree in computer science, Engineering, or related field with a senior level of professional experience (Required)Established knowledge of performing project risk assessments (Required)Experience in performing Information Security technical risk assessments (Required)Proficient in information security risk and governance frameworks (ISO 27005, EBIOS)Expert analytical and reporting skills (Required)Expert in Microsoft Office (Word, Excel, PowerPoint, Access) (Required)Ability to effectively communicate and positively influence diverse stakeholders and team members (Required)Excellent attention to detail and the ability to create clear, concise, and engaging presentations (Required)Information Security and /or Information Technology industry certification (CISSP, CISM, CRISC, GIAC, CISSP or equivalent) (Required)Experience in articulating IS risks in business language and advising on the appropriate risk management actionExperience in information security management reporting and related methodologiesExperience in multinational companies (Preferred)Location: GB-GB-Ipswich
Schedule: Full-time
Job Type: Standard
AXA XL is an Equal Opportunity Employer and does not discriminate against any colleague or applicant for employment on the basis of race, color, national origin, religion, sex, gender identity and/or expression, sexual orientation, age, disability, genetic information, veteran status, military status or any other category protected by local law.
#J-18808-Ljbffr